cyberterrorism

Posted by: adham saad

What is cyberterrorism?

Cyberterrorism is often defined as any premeditated, politically motivated attack against information systems, programs and data that threatens violence or results in violence. The definition is sometimes expanded to include any cyber attack that intimidates or generates fear in the target population. Attackers often do this by damaging or disrupting critical infrastructure.

Various security organizations view cyberterrorism and the parties involved differently. The U.S. Federal Bureau of Investigation (FBI) defines cyberterrorism as any “premeditated, politically motivated attack against information, computer systems, computer programs and data, which results in violence against noncombatant targets by subnational groups or clandestine agents.”

The FBI views a cyberterrorist attack as different from a common virus or denial of service (DoS) attack. According to the FBI, a cyberterrorist attack is a type of cybercrime explicitly designed to cause physical harm. However, there is no consensus among governments and the information security community on what qualifies as an act of cyberterrorism.

Physical harm is not always considered a prerequisite for classifying a cyber attack as a terrorist event. The North Atlantic Treaty Organization, known as NATO, has defined cyberterrorism as a cyber attack that uses or exploits computer or communication networks to cause “sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal.” According to the U.S. Commission on Critical Infrastructure Protection, possible cyberterrorist targets include the banking industry, military installations, power plants, air traffic control centers and water systems.

Methods used for cyberterrorism

The intention of cyberterrorist groups is to cause mass chaos, disrupt critical infrastructure, support political activism or hacktivism, or inflict physical damage and even loss of life. Cyberterrorism actors use various methods. These include the following types of attacks:

  • Advanced persistent threat (APT) attacks use sophisticated and concentrated penetration methods to gain network access. Once inside the network, the attackers stay undetected for a period of time with the intention of stealing data. Organizations with high-value information, such as national defense, manufacturing and the financial industry, are typical targets for APT attacks.
  • Computer viruses, worms and malware target IT control systems. They are used to attack utilities, transportation systems, power grids, critical infrastructure and military systems.
  • DoS attacks attempt to prevent legitimate users from accessing targeted computer systems, devices or other computer networks. These attackers often go after critical infrastructure and governments.
  • Hacking, or gaining unauthorized access, seeks to steal critical data from institutions, governments and businesses.
  • Ransomware, a type of malware, holds data or information systems hostage until the victim pays the ransom. Some ransomware attacks also exfiltrate data.
  • Phishing attacks attempt to collect information through a target’s email, using that information to access systems or steal the victim’s identity.

What are examples of cyberterrorism?

Cyberterrorist acts are carried out using computer servers, other devices and networks visible on the public internet. Secured government networks and other restricted networks are often targets.

Examples of cyberterrorism include the following:

  • Disruption of major websites. The intent here is to create public inconvenience or stop traffic to websites containing content the hackers disagree with.
  • Unauthorized access. Attackers often aim to disable or modify communications that control military or other critical technology.
  • Disruption of critical infrastructure systems. Threat actors try to disable or disrupt cities, cause a public health crisis, endanger public safety or cause massive panic and fatalities. For example, cyberterrorists might target a water treatment plant, cause a regional power outage or disrupt a pipeline, oil refinery or fracking operation.
  • Cyberespionage. Governments often carry out or sponsor cyberespionage attacks. They aim to spy on rival nations and gather intelligence, such as troop locations or military strategies.

Is cyberterrorism a real threat?

The threat of cyberterrorism is greater than ever. In 2021, the Center for Strategic and International Studies (CSIS), a bipartisan, nonprofit policy research group, identified 118 significant cyber attacks that either occurred during that time or were acknowledged to have occurred earlier. Significant attacks, as the CSIS defines them, include those that target government agencies, defense and high-tech companies, as well as economic crimes with losses over $1 million.

Here are examples of 2021 attacks that CSIS identified:

  • January. Hackers with ties to the Chinese government deployed ransomware attacks against five major gaming companies. They demanded over $100 million in ransom.
  • February. Hackers tried to contaminate the water supply of Oldsmar, Fla., by exploiting a remote access system to increase the amount of sodium hydroxide present.
  • March. The Polish government said it suspected Russian hackers had taken control of Poland’s National Atomic Energy Agency and Health Ministry websites for a short time. They tried to spread alarms about a radioactive threat that didn’t exist.
  • May. North Korea carried out a cyber attack against South Korea’s state-run Korea Atomic Energy Research Institute by taking advantage of a virtual private network vulnerability.
  • July. Iran used Facebook to target U.S. military personnel, posing as recruiters, journalists and nongovernmental organization personnel. The hackers sent files with malware and used phishing sites to trick victims into providing sensitive credentials.
  • September. Hackers stole 15 terabytes of data from 8,000 organizations working with Voicenter, an Israeli company. The hackers offered the data online for $1.5 million.
  • October. Brazilian hackers attacked a website belonging to Indonesia’s State Cyber and Password Agency.
  • December. A Russian group claimed responsibility for a ransomware attack on CS Energy, an Australian utility company.
